Intrusion Detection – Network traffic data and alerts from government servers; this information includes the IP address, port address, timestamp and some red flags identified in network traffic; telltale signs, or signatures, of known malicious behavior; oddities in captured traffic, such as “an unusual number of hits,” or sometimes, “known actors floating through multiple dot-gov” websites; interactions with domain name system servers that translate website names like “USDA.gov” into numeric IP addresses.

Intrusion Prevention – Indicators of known and unknown malicious activity that agencies should be on the lookout for.

Analysis – Forensic imagery and files from the U.S. Computer Emergency Readiness Team containing malicious data for study; metadata from traffic “packet capture” analysis, which might contain email addresses and IP addresses; a database supporting commercially available tools that allow US-CERT personnel to visualize relevant relationships “by presenting drilldown views of data with patterns, trends, series and associations to analyze seemingly unrelated data”; a segregated, closed computer network system for inspecting digital devices and their storage media; information about security vulnerabilities and threats in the form of actual malicious code submitted to US-CERT.

Information Sharing – Technical Web records, including operations and maintenance; content might include research, white papers, advertising for conferences and other published information for feds and the public; “CyberScope” reports on an agency’s security posture required to comply with the 2002 Federal Information Security Management Act; the US-CERT.gov website and data exchange portal; a repository for threat sightings and indicators.